<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Indexing and .gov.au seem to be all over the place. <div><br></div><div><a href="http://education.qld.gov.au/corporate/hr/ap/">http://education.qld.gov.au/corporate/hr/ap/</a></div><div><br></div><div><a href="http://www.climatechangeinaustralia.gov.au/documents/resources/">http://www.climatechangeinaustralia.gov.au/documents/resources/</a></div><div><br></div><div>the list just went on and on.</div><div><br></div><div><br><div apple-content-edited="true">
<span class="Apple-style-span" style="font-weight: 900; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="font-weight: 900; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="font-weight: 900; "><span class="Apple-style-span" style="font-family: Helvetica; border-collapse: separate; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="font-weight: 900; -webkit-text-decorations-in-effect: underline; "><div><b><b><b><b><font class="Apple-style-span" color="#144FAE"><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-weight: 800; -webkit-text-decorations-in-effect: none; "><div><b><p class="MsoNormal" style="font-family: Helvetica; "><b><span lang="EN-US"><br class="Apple-interchange-newline">Keith Anderson</span></b><span lang="EN-US"><br><b>Managing Director</b><span style="color: teal; "> | <a href="http://www.apcs.com.au/">APCS</a> / </span></span><span lang="EN-US"><a href="http://www.wip.net.au/">WIP</a><br>Australia Power Control Systems</span></p><p class="MsoNormal" style="font-family: Helvetica; "><span lang="EN-US">C/o Coffs Harbour Media Centre<br>2 Peterson Road,<br>Coffs Harbour NSW 2450</span></p><p class="MsoNormal" style="font-family: Helvetica; "></p></b></div></span></font></b></b></b></b></div></span></span><span class="Apple-style-span" style="font-weight: 900; "><b><b><b><b><font class="Apple-style-span" color="#144FAE"><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-weight: 800; -webkit-text-decorations-in-effect: none; "><div style="display: inline !important; "><b><p class="MsoNormal" style="display: inline !important; "><span lang="EN-US"><strong>T:</strong> 1300 3000 56 | <strong style="font-family: Helvetica; "><span style="font-family: Cambria; ">F:</span></strong> 1300-765-427<br></span></p></b></div></span></font></b></b></b></b></span><span class="Apple-style-span" style="font-family: Helvetica; font-weight: 900; "><b><b><b><b><font class="Apple-style-span" color="#144FAE"><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-weight: 800; -webkit-text-decorations-in-effect: none; "><div style="display: inline !important; "><b><p class="MsoNormal" style="display: inline !important; "><span lang="EN-US"><strong style="font-family: Helvetica; "><span style="font-family: Cambria; ">E:</span></strong> <a href="mailto:keitha@apcs.com.au">keitha@apcs.com.au</a></span></p></b></div></span></font></b></b></b></b></span><span class="Apple-style-span" style="font-family: Helvetica; border-collapse: separate; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="font-weight: 900; -webkit-text-decorations-in-effect: underline; "></span><span class="Apple-style-span" style="font-weight: 900; -webkit-text-decorations-in-effect: underline; "><div><b><b><b><b><font class="Apple-style-span" color="#144FAE"><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-weight: 800; -webkit-text-decorations-in-effect: none; "><div><b></b></div></span></font></b></b></b></b></div></span></span><span class="Apple-style-span" style="font-family: Helvetica; border-collapse: separate; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="font-weight: 900; -webkit-text-decorations-in-effect: underline; "><div><b><b><b><b><font class="Apple-style-span" color="#144FAE"><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-weight: 800; -webkit-text-decorations-in-effect: none; "><div><b><p class="MsoNormal"><span lang="EN-US"><br></span></p><p class="MsoNormal" style="font-family: Helvetica; "><br></p><b><b><b><b><b style="font-family: Helvetica; "><br class="Apple-interchange-newline"></b></b></b></b>
</b></b></div><b><b>
</b></b></span></font></b></b></b></b></div></span></span></span></span></span></span></span></div><br><div><div>On 08/01/2014, at 11:30 PM, Patrick Webster wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><p dir="ltr">I hope for his sake it is quickly realised he is just trying to help them and that will be the end of it.</p><p dir="ltr">There was enough fuss about my FSS incident by changing a bloody number in a URL. Sounds like he went a little further than just changing a number.</p><p dir="ltr">I read it as SQL injection which is harder to brush off as a simple URL typo. The today tonight (?) video of him appears to show him playing around with a JSON interface. But that could just be for show. I hope it isn't as silly as +Indexes.</p><p dir="ltr">But regardless, police and Melbourne Transport or whatever they are called should look at intent, and intent alone.</p><p dir="ltr">All these accidental cracker stories are getting tiring. Why is there never a focus on how stupid of a mistake the corporation made? It is getting to the point where the layman is starting to understand there are good samaritans and they aren't to blame.</p><p dir="ltr">It is time law enforcement caught up with the Australian community acceptable standards.<br>
</p>
<div class="gmail_quote">On 8 Jan 2014 23:20, "Tim March" <<a href="mailto:march.tim@gmail.com">march.tim@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Anyone know what the actual "hack" was? A couple of links I found<br>
implied he "found an old database while browsing," which just sounds<br>
like they had +Indexes and Google found it.<br>
<br>
FWIW I found a directory indexing issue in $GovAUAgency a couple of<br>
years back with db dumps, credentials, admin scripts, SSH keys, bash<br>
logs (lock, stock, the lot...) and tried to notify their infrastructure<br>
provider. It was a nightmare. I ended up talking Ralph<br>
Wiggum^H^H^H^H^H^H^H^H^H^H^Ha support punter through it on the phone...<br>
<br>
"open your browser... now go to Google... Now search for<br>
'site:$GovAUAgency filetype:sql'"<br>
<br>
"What is it?"<br>
<br>
"Umm... Show that to your security punters"<br>
<br>
"My tummy feels funny *mouth breathing*"<br>
<br>
<br>
... The site was like it for months afterwards.<br>
<br>
TL;DR; If the kid was Google hacking, responsibly disclosed and they<br>
called the Fuzz that's pretty poor form.<br>
<br>
<br>
<br>
T.<br>
<br>
On 8/01/14 10:35 PM, Damian Guppy wrote:<br>
> Oh Good. Now watch as prosecutors press the courts to enhance the<br>
> charges so he can be tried as an adult and sentenced to more time behind<br>
> bars than the latest murder.<br>
><br>
> --Damian<br>
><br>
><br>
> On Wed, Jan 8, 2014 at 7:28 PM, Patrick Webster <<a href="mailto:patrick@aushack.com">patrick@aushack.com</a><br>
> <mailto:<a href="mailto:patrick@aushack.com">patrick@aushack.com</a>>> wrote:<br>
><br>
> <a href="http://m.theage.com.au/it-pro/security-it/hacked-site-reports-boy-to-police-20140108-hv7tl.html" target="_blank">http://m.theage.com.au/it-pro/security-it/hacked-site-reports-boy-to-police-20140108-hv7tl.html</a><br>
><br>
><br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a> <mailto:<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
><br>
<br>
--<br>
PGP/GNUPG Public Key: <a href="http://d3vnu11.com/pub.key" target="_blank">http://d3vnu11.com/pub.key</a><br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div>
_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>http://lists.ausnog.net/mailman/listinfo/ausnog<br></blockquote></div><br></div></body></html>